Added By: Feedage Forager Feedage Grade B rated
Language: English
blog  code  console commands  content security  episode  events  laravel  news  queue  security  static  symfony console  symfony 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics

Up-to-the Minute PHP News, views and community

Published: Sat, 17 Mar 2018 18:25:11 -0500


Community News: PHP-FIG PSR Update

Fri, 16 Mar 2018 11:57:45 -0500

The PHP-FIG group, the ones responsible for the standards that helped to make Composer a real possibility (PSR-0 and PSR-4) have posted a general update of the various PSRs that are currently in progress and a brief summary of the status on each.

Hello everyone, we (the secretaries) decided it was time to post a status update for the PSR which are pending, as a way to update you members and the whole community on our work, and also to start discussion around some PSR that need a little more participation.

Current PSRs in the list include:

  • PSR-5: PHP docblock recommendations
  • PSR-12: Coding style guidelines
  • PSR-17: HTTP factories
  • PST-19: Streams/Async processing

If you would like to participate in the working group for any of the items listed in the full post, reply to it and the group will get back with you shortly.

PHPUgly Podcast: Episode 98 - Ethical Dilemmas

Fri, 16 Mar 2018 10:31:57 -0500

The PHPUgly podcast, hosted by Eric Van Johnson, John Congdon and Thomas Rideout, has posted their latest episode - Episode #98: [Ethical Dilemmas].

In this episode they mention topics such as:

You can listen to this latest episode either using the in-page audio player or by downloading the mp3 directly. If you enjoy the show, be sure to subscribe to their feed and follow them on Twitter to get updates on when new shows are released.

Laravel News: Getting Started with Laravel Model Events

Fri, 16 Mar 2018 09:47:09 -0500

The Laravel News site has a tutorial posted that introduces you to model events in Eloquent models and how to use them effectively in your code.

Laravel Model events allow you to tap into various points in a model’s lifecycle, and can even prevent a save or delete from happening. The Laravel model events documentation outlines how you can hook into these events with event classes, but this article aims to build upon and fill in a few additional details on setting up events and listeners.

The article starts with an overview of the different types of events available on the models and a brief summary of when each are fired. It then walks you through the process of registering events and where to configure the event-to-handler relationship. The artisan make:event command can then generate the skeleton code for you. In this class you can then add the handler method and then configure it in the providers. Finally it shows an example of how to test the event, stopping the save event and using observers to group the event handling.

Yappa Blog: (En)queue Symfony console commands

Thu, 15 Mar 2018 12:13:06 -0500

The blog has a tutorial posted sharing the method they used to implement queued and scheduled execution of Symfony commands. This is made possible by the Enqueue package.

At Yappa, we have always used Johannes' JMSJobQueueBundle to run and schedule Symfony console commands for background jobs.

However, we've stumbled upon a much more elegant solution called Enqueue. [...] It's packed with features, supports major brokers such as RabbitMQ, Kafka, Amazon SQS, Google PubSub, Redis etc. and has a bundle ready to be used with Symfony.

[...] One downside is that the Enqueue Symfony bundle doesn't provide an out of the box solution to queue Symfony console commands and there's no 100% straight forward way to implement this. In this post I'll cover the basics in setting up the Enqueue Symfony bundle so we can easily queue Symfony console commands!

The tutorial then walks you through the installation of the Symfony bundle, adding it to the list of installed bundles and configuring it with basic parameters and queue connection details. Next they've included the code to create the processor used when a command is pushed to the queue. To handle the other side (execution of the command when the queue is handled) they create a "QueuedCommand" value object and a command handler class. With this structure in place they show the addition of test commands to the queue and the result when the queue is consumed.

Three Devs & A Maybe: The Power of Composition with Scott Wlaschin

Thu, 15 Mar 2018 11:44:31 -0500

The Three Devs & A Maybe podcast, hosted by Michael Budd, Fraser Hart, Lewis Cains and Edd Mann, has posted their latest episode: The Power of Composition. In this episode they're joined by guest Scott Wlaschin, a senior software architect and developer with over twenty years of experience.

In this weeks episode we are lucky to have Scott Wlaschin back on the show. We start of discussion by highlighting his most recent talk on composition and some useful analogies to Lego, Brio and Unix. From here we move on to investigate function and type composition, the difference between a paradigm shift compared to simply a syntax one and the advantages of an opinionated language.

This leads us on to mention how within application design pushing the side-effects to the edge and keeping the core domain pure is beneficial. Finally, we touch upon testing in functional languages, experiences whilst consulting and Rich Hickey’s ‘Effective Programs’ talk.

You can listen to this latest episode either using the in-page audio player or by downloading the mp3 directly for listening at your leisure. If you enjoy the show, be sure to subscribe to their podcast and follow them on Twitter to get updates on when the latest shows are released. Frequently Asked Questions About Laravel based APIs

Thu, 15 Mar 2018 10:35:09 -0500

On the site there's a new post that answers some of the frequently asked questions they've heard about APIs in Laravel-based applications.

Developing APIs are getting more and more popular, but still, it’s a bit blurry field for many developers. We collected some common questions and tried to answer them in one place.

Their list of questions includes:

  • "What does RESTful mean?"
  • "How does API authentication work?"
  • "Why Laravel has a “web” and an “api ” middleware group?"
  • "How can I test my APIs?"

For each there's a brief summary of the issue and links to other sources (documentation and packages) to help answer or fix the issue.

Christoph Rumpel: Content Security Policy 101

Thu, 15 Mar 2018 09:52:43 -0500

In a new post to his site Christoph Rumpel shares an introduction to the use of Content Security policies to prevent client-side security issues in your applications. While his examples are more Laravel-specific, the concepts can be applied to just about any framework or home-grown solution.

As more and more services get digital these days, security has become a significant aspect of every application. Especially when it comes to third-party code, it is tough to guarantee safety. But in general, XSS and Code Injection is a big problem these days. Content Security Policy provides another layer of security that helps to detect and protect different attacks. Today, I will introduce this concept and its main features, as well as show real-world examples.

He starts with a general look at web application security vulnerabilities and, more specifically, cross-site scripting issues. These are the ones that a Content Security Policy (CSP) can help prevent. He then covers the basics of the CSP header and gets into the implementation. In his example he sets up the addition of the CSP header as a middleware so that it's included on every request. With the default header all resources are blocked so he walks through the process of restoring access to the scripts, fonts and styles his blog needs to work correctly.

With the basics covered he then gets into a few more advanced features of CSP policies such as nonces for resource identification, iframe handling and the submission of forms. The post ends with a recommendation of the Laravel CSP package for use in Laravel applications. If you're looking for something more framework agnostic you might want to look into ParagonIE's CSP Builder library.

Marc Baker: Discharging Static #1

Wed, 14 Mar 2018 14:49:47 -0500

On his blog Marc Baker about static calls and the trouble they bring in your applications. It's a continuation of ideas that Kore Nordmann shared previously on his site.

It’s been seven years since Kore Nordmann first published “static considered harmful” on his blog, explaining the problems with using static method calls in classes, and the difficulties that they cause when trying to test that class. Seven years on, and those difficulties are still the same, and there is still new code being written using static calls despite that knowledge; but it’s often a more severe problem in legacy code with little or no unit tests.a

So why exactly are static calls so bad? If you’ve read Kore’s article, then you probably have a good idea already; but what that article doesn’t cover is approaches that we can use to make the code testable.

He covers the main issue static methods have when it comes to testing: they introduce coupling by hard-coding a dependency into your code. He talks about the static testing functionality that various PHP testing tools provided: PHPUnit, Phake and Mockery. He then focuses on a newer tool that he's discovered to help make the testing simpler: AspectMock. He gives an example of it in use and some examples of tests using anonymous classes to make it easier to create tests on the fly.